Hackers broke into Citibank's network of ATMs inside 7-Eleven stores and stole customers' PIN codes according to a recent court filings that revealed a disturbing security hole in the most sensitive part of a banking record.
The scam netted the alleged identity thieves millions of dollars, an Associated Press report also said.
It indicates criminals were able to access PINs, the numeric passwords that theoretically are among the most closely guarded elements of banking transactions, by attacking the back-end computers responsible for approving the cash withdrawals, the report said.
Hackers are targeting the ATM system's infrastructure, which is increasingly built on Microsoft's Windows operating system and allows machines to be remotely diagnosed and repaired over the Internet, the report said.
It's unclear how many Citibank customers were affected by the breach, which extended at least from October 2007 to March of this year and was first reported by technology news web site Wired.com.
The bank has nearly 5,700 Citibank-branded ATMs inside 7-Eleven stores throughout the US, but it doesn't own or operate any of them.